Critical macOS Sierra disk image flaw leads to data loss

Apple and its much-hyped APFS or Apple File System have been under hot waters lately as the fateful APFS has been diagnosed with another bug that Apple will have to fix, that too in the same week. On Thursday it was reported that a bug in various iOS and macOS apps were unable to display an Indian Telugu language character and instead crashed into a loop.

Just a few months back Apple had to issue an emergency update for its macOS High Sierra for fixing a bug that revealed passwords of encrypted APFS volumes through the password hint feature. In iOS 11.3 and macOS 10.13.4 software updates Apple has fixed the Telugu character bug. However, this explains that Apple is definitely having a tough time these days.

As per latest findings from Carbon Copy Cloner software developer, Mike Bombich, the APFS system included in the macOS Sierra has a disk image flaw that leads to loss of data. The software developer explained that he identified the data writing vulnerability in the APFS while working on Sparse disk images, which refers to a file that macOS places on the desktop. This file has the standard disk volume structure and the macOS considers it to be physically attached drive. Sparse disk images are quite flexible and commonly used when performing backup and disk cloning operations.

A disk image is a type of file format containing the whole structure and contents of a disk volume like USB, DVD, CD, network share along with hard disk drive. Most Mac applications use disk images especially the backup software application through which users are able to create copies of other volumes to move files quickly in and out of a previous back up the image at some later date.

Bombich explains that he noted that an APFS-formatted sparse bundle disk image volume displayed quite a lot of free space despite that it was full. This sparked curiosity and he copied a video file to the disk image volume and it got copied without giving any error. Surprised to find this, Bombich opened the file and played the video completely as well as checksummed it and learned that it was indeed intact and copied fully on the disk image. After unmounting and remounting of the disk image, the file got corrupted.

This led to the identification of two key issues, firstly, that the free disk space on the APFS-formatted Sparse is not getting updated as it should have been when the actual physical host disk is not free. Secondly, there is the issue of lack of error reports in a situation where write requests fail to grow the disk image dynamically due to which data gets written into a void.

The identified bugs were reported to Apple’s diskimages-helper application service by Bombich. He further noted that SSD startup disks and similar other regular APFS volumes aren’t affected by this bug, which is good news since the majority of users won’t be at-risk due to the bug.

The flaw is most effective when backups are created to network volumes. However, sending out files into the void is definitely not good for any backup software, which is why Bombich has stated that its software will not be supporting the APFS-formatted sparse disk images unless the bug is resolved by Apple.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in Milan, Italy.